In today’s modern business world virtually all data and personal or corporate information is managed and stored electronically.

Whether it be profiles of employees, credit card information, sensitive demographic information about customers, internal information on budgets, customer lists, or personal health information, companies of any size face very real liability issues if this data is stolen, manipulated or were to fall into the wrong hands and enter the public domain.

More and more we hear on the news and read in our local newspapers, stories about cyber crime including lost, stolen and hacked personal information and records.Many of these stories concern compromised credit card records, stolen computer equipment containing sensitive company or customer / patient information, employees who have downloaded copies of confidential records prior to leaving the company, and organisations who face ransom demands after having their systems locked down via service denial attacks.

The potential risk of data breach and cyber crime for any company, large or small is ever increasing.Smaller organisations are perceived to be an easier target for cyber crime and hacking, as their IT security measures are likely to be less robust.While the recovery of data and replacement of equipment is a costly exercise in itself, such an event can lead to the organisation facing regulatory investigation, civil fines and penalties as well as litigation.

Many traditional liability insurance policies such as Management Liability orProfessional Indemnity policies fall short of indemnifying many of the technological cyber crime risks being faced by business today.As such, a standalone cyber crime policy is the best way to combatthis risk and potential liability.

It is likely that the legislative responsibility for a business to protect personal or sensitive data in Australia will follow the changes that have occurred in international business environments with huge financial penalties andmandatory / enforced on-going data monitoring if a breach occurs.Organisations should source a policy and indemnity level that addresses and reflects the full range of issues that relate to cyber crime rather than opting for ‘the something is better than nothing’ approach.

Not all policies are alike, the below list describes many of the issues that surround cyber crime.A quality policy should address each liability or circumstance.

Personal Data Liability

A breach concerning personal information and data protection

Corporate Data Liability

Breach of corporate information


Breach of data protection by an outsourced provider where the policyholder is legally liable

Data Security

Damage resulting from any breach of duty that ends in:

  • malicious contamination
  • denial of access attacks
  • theft of an access code to computer system
  • destruction/corruption, modification, damage or deletion of data
  • physical theft of hardware

Data disclosure

Due to a breach of data security

Defence Costs

in respect of any litigation brought by a data protection authority

Cyber Extortion

extortion loss incurred as a result of a security threat

Data Administrative Investigations

costs and expenses for legal advice and representation in connection with a formal  investigation by data protection or other authority


Insurable fines and penalties imposed by a government authority, data protection or regulatory authority for a breach of data protection laws or regulations

Notification and Monitoring Costs

costs and expenses of the insured if the legally required and/or  voluntary disclosure to data subjects if required

Reputational Repair of the Company and Individual

Reimbursement of costs incurred in relation to reputational damage due to a claim covered by this policy

Media Content

that results in an infringement; plagiarism, piracy or misappropriation or theft of ideas; libel or slander committed without malice; or an intrusion, invasion

Network Interruption Insurance

Loss of Net income (net profit or loss before income taxes) that would have been earned; if not for a security failure / breach.

Product Documents

Cyber and Computer Crime FACT SHEET

Need more information? Call us on 1800 177 163.